WordPad: Workaround for Word woes?

Summary:Microsoft has not said whether WordPad, the free word processor included with Windows, is vulnerable to the zero day flaw announced yesterday in Microsoft Word.

When Microsoft announced yesterday that  an unpatched vulnerability in the processing of RTF files  affecting in all versions of Microsoft Word was being exploited in the wild, they didn't say whether WordPad was also affected.

WordPad, once known as Windows Write (the file name is still write.exe), is a simple word processor included with Windows, up to and including Windows 8.1. It supports several file formats, among them RTF (in fact RTF is the default format).

We have asked Microsoft if WordPad is vulnerable to the same zero day bug announced for Word. They are still researching and have not provided an answer. We don't have access to the exploit so we can't test it.

Either it is vulnerable or it isn't. If it is vulnerable then we would expect Microsoft to update the security bulletin to reflect this fact.

If it is not vulnerable, then it should serve as a reasonable workaround until a fix is provided. The "Fix it" Microsoft provided works by shutting off RTF support in Microsoft Word, so WordPad could be used in the interim, if it is not vulnerable. Microsoft would also update their advisory to note this.

WordPad can also save files as native Word .DOCX files, so users could also use WordPad just for converting to .DOCX and still do all their work in Word. (Saving a .DOCX file as RTF in Word would not be a problem.)

WordPad

 

Topics: Security, Microsoft

About

Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years. He was most recently Editorial Director of BYTE, Dark Reading and Network Computing at UBM Tech. Prior to that he spent over a decade consulting and writing on technology subjects, primarily in the area of sec... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.